Field of the Invention
The present invention relates to network security and more particularly to an apparatus, system, and method for reconciling security vulnerabilities identified by multiple independent methods, including a Network Vulnerability Assessment tool, a Static Application Security Testing tool, and a Zero Day Vulnerability Metadata data source.
Description of the Related Art
Cyber security threats have evolved over time. Given the breadth of threats and attacks, no single vulnerability assessment technology is capable of detecting every type of vulnerability.
Small to medium sized organizations often resort to only one vulnerability assessment technology, due to the cost of employing more than one assessment method and to the challenge of reconciling the data from the various independent assessment technologies. Larger organizations have occasionally used multiple vulnerability assessment tools, but are then faced with the vulnerability data reconciliation challenge. Organizations are therefore left with either a single solution with limited vulnerability assessment coverage, or a solution that employs multiple independent technologies, which gives better vulnerability assessment coverage but leaves an unsolved matching problem that ultimately leads to a misunderstanding of the risk contributed by the vulnerabilities.
Security Information and Event Management (SIEM) technologies allow sourcing of security data from any security tool that has some form of external interface providing access to that tool's security information. SIEM tools are among the few technologies within the internet security marketplace that have attempted to merge multiple security-information data sets. However, these existing SIEM technologies typically employ limited automated data reconciliation intelligence, which is not vulnerability data centric but instead only attempts to match the computer elements that each data set brings into the SIEM. Even then, the reconciliation technology employed within the existing SIEMs in the marketplace employs limited rule-sets to match the network hosts from the various independent data sets. Because a given vulnerability may be discovered separately by several selected technologies, determining the true set of unique vulnerabilities detected by the various independent technologies may be useful for determining which vulnerabilities contribute to the true security risk of the network devices to which the vulnerabilities pertain.